National Grid is UK Critical National Infrastructure and a designated NIS Operator of Essential Services. Interviews probe OT cyber depth, regulatory fluency (NIS / OFGEM CAF) and operational resilience.
How would you design an IDS deployment for a 400kV substation?
Passive monitoring only (SPAN / TAP, never inline), protocol-aware sensor (DNP3, IEC 61850, GOOSE), out-of-band management network, alert routing to OT SOC with engineering on-call, false-positive tuning informed by maintenance windows. No active scanning.
A vendor needs remote access to patch a substation RTU. Walk me through the controls.
Time-bound jump-host access via DMZ broker, MFA + just-in-time credential, full session recording, engineer escort, change-window approval, post-session log review, vendor cyber attestation on file.
Explain the difference between IT and OT incident response priorities.
IT: confidentiality + integrity first, availability third. OT: safety + availability first, integrity second, confidentiality third. Containment actions that take systems offline can directly endanger lives and the grid — coordinate every step with operations.
How does NIS2 / CAF differ from ISO 27001 in your day-to-day?
CAF is outcomes-focused with 4 objectives (manage risk, protect, detect, minimise impact). ISO is controls-based. CAF assessments emphasise evidence of effectiveness, not just policy existence. OFGEM scrutiny is tougher than typical certification.
Tell me about an incident that affected operations.
STAR with safety + availability framing, regulator awareness, post-incident review. Avoid stories where confidentiality dominated.
For OT roles yes. For corporate IT cyber roles, OT exposure is a plus but not required.
BPSS minimum. SC for roles touching national control infrastructure.
Yes — but OT roles require regular substation / control-room presence.
Premium members get the full round structure, signals, and AI-graded practice.